FireEye has put together a list of the most common words and phrases that appear in fake emails designed to infect corporate networks and steal data.
The security firm said that the list spotlights the social engineering techniques that feature as a key component of so-called spear phishing attacks. Hackers tend to use words …

Talking of Tax Rebates

Re: Was this an actual study?

It's not terribly obvious what their sampling method was. They claim that their headline stats are based not on emails sent but on emails actually making it through corporate defenses, which implies either that they've installed monitoring software that counts malicious emails without actually blocking them (thanks!) or they are trawling through post-mortems.

If you only count successful attacks, EXEs will score well because however rare they might be they will have a near 100% success rate when they *do* get through.

Interesting to note that PIFs (remember them?) were still in the top 5 last year. Less interesting to note that ZIP is the number one malware extension by a long way. Clearly they didn't count "URL in the email text" as a vector, although it is probably even more common (and probably more effective) than ZIPs.

Re: Talking of Tax Rebates

Re: Talking of Tax Rebates

I am convinced that HMRC deliberately set the tax code and their calculations so that you always underpay tax by a very small amount. That way, they don't have to refund any penalties that you may pay if you are late submitting a tax return (it used to be that if they ended up owing you money, the penalty would have to be written off if not already paid or refunded if it had).

At the end of each of the last three financial years or so, I have 'owed' less than two pounds (sometimes mere pence), and I can't fully understand why. If it were just down to rounding errors, I would expect to have overpaid sometimes, but it just doesn't happen.

Re: Talking of Tax Rebates

Had it the other way round, out of work, totally skint (literally a few pennies around the bedsit), opens gas bill for £23.21, sighs and sits down pretty hopeless, opens next envelope with deepening sense of dread, tax rebate £23.16, smiles ever so slightly and rejoices at the order or events.

Re: @mike2R (was: Uh ... Duh?)

Re: Uh ... Duh?

Re: Uh ... Duh?

'Words such as "DHL", "UPS", and "delivery"....'

Working in the business, what never ceases to amaze me is the number of people who open these, even though they're not actually expecting a delivery and then phone us up to a) bollock us for putting trojans in our emails and b) ask where their delivery is[1]!

Re: 'Words such as "DHL", "UPS", and "delivery"....'

Couldn't agree more, despite drilling it into staff at various clients they still go and open these emails thinking its real - usually because it happens to coincide with something that was recently ordered.

In fact at one customers the owner actually printed an A4 warning and pinned it on the wall directly in front of the admin girl and she STILL opened the email.

I have content filtering (as well as AV / AS) in place where ever it can be installed, but its only a small layer of defence.

I have noticed there's some unusual ones, such as 'littlewoods' & 'school report'. Just got to be careful.

Re: actually printed an A4 warning ... and she STILL opened the email.

Re: 'Words such as "DHL", "UPS", and "delivery"....'

"In fact at one customers the owner actually printed an A4 warning and pinned it on the wall directly in front of the admin girl and she STILL opened the email."

There is a mentality amongst some of the clue-deprived that it might possibly be important and that no email should be left unopened. This leads to such things as "I know my antivirus program said it had some kind of infection but I opened it anyway"

One of said people filed an official complaint against me for "speaking to her as if she was a naughty child and making her feel bad" after having to clean her computer for the 3rd time in 3 months.

A friend of mine

Once got an email claiming to be from an Australian property lawyer investigating some land my friend had supposedly inherited (which he had no clue about). They wanted to sell it for him, taking a 5% cut.

Sounded dodgy as hell, but it was no cash up front - six months later he was holding a cheque for £27k.

He was very glad this was in the days before aggressive spam filtering.

Re: A friend of mine

Had an email from a lawyer in Germany asking to contact an old boy of our UK school via our school website. A Google search had thrown up the old boy's name in someone's posting in our Guestbook. Apparently an inheritance was being offered. The boy and his mother had come to England from Germany just after the war .

Did a lot of thinking and checking of the email domain ownership and German lawyer registrations - before contacting the old boy. There was a double-check from the family information supplied by the lawyer. It appeared genuine - but I still explained to the non-internet old boy how to recognise a scam. Never heard the outcome though.

Re: The taxman

note to users

When you do get something that you think (and normally is obviously SPAM) might be SPAM DON'T SEND THE FECKING email to the IT department with a "do you think this is SPAM?" appended to the email WE'RE NOT INTERESTED!

No Genuine Offer of Cash *ever* Arrives, unexpected, by e-mail

Also hotel bookings...

In the past couple of months I've received a lot of bogus booking.com hotel and flights bookings bearing trojans. The AV-detection has been about 24 hours behind the mailings, so they don't get caught.

The latest ones in the past few days are fake Facebook notifications:

"

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you've been listed as a close friend.

Makes a change from the Nigerian rubbish

I'd have thought with all the security alerts from the various banks I don't have accounts with I would be owed a rebate. Mind you the dodgy email is no worse than when you're called by working family tax credits each year and they promptly ask for all your details including NI number and postcode. I thought we' re not supposed to give out details over the phone. The last time I challenged them the woman got quite stroppy and told me to dial 1471. When I rang it turns out the number they use is incoming barred.

To protect you against online fraud, please take a moment to download Rapport - dedicated online banking security software from the experts at Trusteer. It only takes a few minutes to download and install, and there's no need to restart your computer. Rapport will: